Security outfit MessageLabs today warns that as the credit crisis worsens so there has been a shift to the online arena for making money via spoofing banks for phishing scams. Between August and September this kind of phishing attack grew by 16 percent, but during September and October it has leapt up 103 percent.
With seemingly never ending change prevailing in the global banking system, the crafty scammers are quick to take advantage of the merger and bailout feeding frenzy by targeting the likes of Bank of America, Wachovia, Chase Manhattan and Washington Mutual.
On one day, the 16th October, MessageLabs reports that it intercepted a rather worrying 7,000 phishing attacks that were exploiting the Bank of America. That's 1.2 percent of the total phishing activity seen for that day, and all in the space of just a 2 hour spike.
On October 17th, those same phishing emails rose to 15,000 and then continued through the weekend untill hitting a total of 125,000 emails or 16 percent of all phishing activity for that weekend.
On October 20th the feeding frenzy turned towards American express with a phishing run that started at 5am and hit 35,000 emails (or 17 percent of total activity) by the end of the day.
"During a trying time like this when banks are making global headlines, we would expect spammers to latch on to the credit crisis to take advantage of vulnerable investors and anxious consumers who have been sorely affected by the events of the past few months and are looking for relief or a boost in confidence," said Mark Sunner, Chief Security Analyst, MessageLabs. "It's crucial that everyone is aware of potential threats and is educated on how to avoid falling victim to them."
So, to coincide with October's National Cyber Security Awareness Month, MessageLabs offers the following security tips to keep consumers and business users protected from financial scams:
- Know that financial institutions will never require customers to share account information or other personal information like social security numbers online or via email. If you receive an email requesting this information, ignore it or report the incident to the appropriate authority, such as www.us-cert.gov/nav/report_phishing.html.
- Avoid clicking on links in emails and Instant Messages, even if the messages come from someone you know. Instead, use browser bookmarks to place mark a commonly used site, or manually type the address into the browser.
- Before entering credit card information online, make sure that the padlock and https is displayed in the browser. This ensures the security of the site. Reviewing the sites privacy and security policies is also recommended.
- Be discriminating about information shared in the public domain such as on social networking sites. Keep personal information private and be careful about accepting connections. They may not really be who they say they are.
- Protect passwords by not storing them on a browser and using different passwords for different sites so the bad guys won't be able to use the same password to access more than one account if the information does fall into the wrong hands. If you suspect you have been phished, change all passwords as soon as possible.